On 19/05/16 03:17, Paul Wise wrote:
> On Wed, May 18, 2016 at 9:20 PM, Daniel Pocock wrote:
>
>> Can anybody comment on how Debian users will be impacted by SHA-1
>> deprecation?
>
> There is some info related to that in these two wiki pages:
>
> https://w
Can anybody comment on how Debian users will be impacted by SHA-1
deprecation?
In particular:
- will libraries like OpenSSL and GnuTLS continue to support it in
stretch and beyond?
- will web servers like Apache support it in server certificates or
certificate chains?
- will web servers and
On 08/12/14 21:28, Daniel Pocock wrote:
On 08/12/14 21:16, Kurt Roeckx wrote:
On Mon, Dec 08, 2014 at 08:17:53PM +0100, Daniel Pocock wrote:
If I understand your reply correctly, the version in Ubuntu and Fedora
will still talk TLS 1.0 with the version now waiting in jessie?
Yes.
Do
Hi all,
I've made some changes to TLS code in reSIProcate
- setting OpenSSL's SSL_OP_NO_SSLv3 by default when using SSLv23_method()
- adding configuration options to override the options to
SSL_CTX_set_options (as it is possible there will be some user with old
VoIP hardware out there who
On 08/12/14 10:20, Adam D. Barratt wrote:
On Mon, 2014-12-08 at 09:16 +0100, Daniel Pocock wrote:
[...]
If it will help the release team, is there anybody from the security
team who could review the changes in my debdiff?
Note that debian-security@lists.debian.org is not a contact address
On 08/12/14 10:48, Thijs Kinkhorst wrote:
Hi Daniel,
On Mon, December 8, 2014 09:16, Daniel Pocock wrote:
I've made some changes to TLS code in reSIProcate
- setting OpenSSL's SSL_OP_NO_SSLv3 by default when using SSLv23_method()
- adding configuration options to override the options
On 08/12/14 11:12, Kurt Roeckx wrote:
On Mon, Dec 08, 2014 at 09:16:45AM +0100, Daniel Pocock wrote:
Hi all,
I've made some changes to TLS code in reSIProcate
- setting OpenSSL's SSL_OP_NO_SSLv3 by default when using SSLv23_method()
This has no effect in jessie. SSLv2 and SSLv3
On 08/12/14 12:04, Thijs Kinkhorst wrote:
On Mon, December 8, 2014 11:17, Daniel Pocock wrote:
In the library package (libresiprocate-1.9.deb) there is no default
SSL/TLS mode. It uses whatever the project using the library selects.
If some developer wants to enable dynamic selection of TLS
On 08/12/14 12:36, Kurt Roeckx wrote:
On Mon, Dec 08, 2014 at 11:42:28AM +0100, Daniel Pocock wrote:
On 08/12/14 11:12, Kurt Roeckx wrote:
On Mon, Dec 08, 2014 at 09:16:45AM +0100, Daniel Pocock wrote:
Hi all,
I've made some changes to TLS code in reSIProcate
- setting OpenSSL's
On 08/12/14 13:53, Kurt Roeckx wrote:
On Mon, Dec 08, 2014 at 01:20:39PM +0100, Daniel Pocock wrote:
Just one other point: if somebody is trying sending the client hello
using SSL v2 record layer but indicating support for TLS v1.0, should
TLSv1_method or SSLv23_method accept that?
I would
On 08/12/14 18:58, Kurt Roeckx wrote:
On Mon, Dec 08, 2014 at 02:35:00PM +0100, Daniel Pocock wrote:
I have no idea what technology is in use in the remote/client system.
If my server socket is using TLSv1_method it is rejecting the connection
and logging those errors on my server:
error
On 08/12/14 19:25, Kurt Roeckx wrote:
On Mon, Dec 08, 2014 at 07:22:33PM +0100, Daniel Pocock wrote:
Will the TLSv1 method be removed in jessie or while jessie is still
supported?
This is something post jessie.
Is it something that is going to happen with Ubuntu releases next year
(e.g
On 08/12/14 20:06, Kurt Roeckx wrote:
On Mon, Dec 08, 2014 at 07:42:54PM +0100, Daniel Pocock wrote:
Is it something that is going to happen with Ubuntu releases next year
(e.g. April 2015)?
If so, it means that the repro package in jessie won't talk to a repro
package in Ubuntu.
I
On 08/12/14 21:16, Kurt Roeckx wrote:
On Mon, Dec 08, 2014 at 08:17:53PM +0100, Daniel Pocock wrote:
If I understand your reply correctly, the version in Ubuntu and Fedora
will still talk TLS 1.0 with the version now waiting in jessie?
Yes.
Do you believe it would be reasonable for me
14 matches
Mail list logo